COMPARTMENTED MULTI OPERATOR NETWORK MANAGEMENT 
Field Of The Invention 

[0001] This invention relates to communication nodes and network management 
systems shared by independent operators and more particularly to systems and 
methods for enforcing strong separation between independent and concurrent 
operators. 

Background 

[0002] Network elements and network management systems, in certain 
applications, are shared by several independent operators in carrying out 
independent operations. Typically, these independent operators are competitors 
and as such do not want other operators to have access to their network 
management system. In such cases the operations systems have to be tightly 
controlled so that security, in terms of information flow control, is maintained. In 
this description the term operations systems is meant as a generic reference to 
management and other equipment for provisioning and controlling the operation 
of the various network elements. 

[0003] The prior art solution, typically, has been to enforce a classical security 
access control in order to provide a separation between the independent operators. 
This access control of the operations system is usually enforced by the underlying 
operating systems. An example of such an operating system is the Unix operating 
system. Typically, each operator has a different role in the system wherein each 
operator has a user identifier and password to log in to the system so that they can 
access their particular role. However, this does not provide real separation 
between operation systems in the underlying operating system. 
[0004] Prior art security systems are exemplified in several patent references 
including Japanese Patent 8263283 entitled "Software Management System" 
published October 11, 1996 to Hideki. The system described in the Japanese patent 
has a server and several terminals which are interconnected within a local area 
network to enable sharing of resources, i.e. programs using a network management 
software. Network management software has a memory which stores the 
recognition names of the terminals, the security information, i.e. users' passwords, 
and the shared programs. Network logins are validated by the network 
management software through the user password while accessed programs are 
selectively provided to the accessing terminal through the user network rights. 
The system is intended to simplify network management and maintenance and to 
effectively prevent unauthorized program access through use of network 
management software. 

[0005] A second prior art system is described in published PCT Application 
No. WO 9841038 filed December 3, 1998 in the name of Lagerstroem et al. This 
application relates to a system by which external users, such as subscribers and 
service providers, can update their service data in a secure and controlled manner, 
on a self service basis, in an intelligent network or other telecommunications 
network. An access system, separate from the actual telecommunications services 
managing network element, is implemented in the invention, the access system 
providing the customers and service providers with an open interface to these 
network elements through a public data network. The access system controls 
access to the actual network elements by, for example, authenticating the party 
requesting access, checking whether the requesting party is associated with the 
data they desire to manipulate and/or checking to which processing operations the 
requesting party is entitled. The users can thus access their own service data in the 
network elements managing the data in a manner controlled by the access system. 
[0006] The problem with the above-referenced prior art systems is that they do not 
provide strong separation between multiple users or operators on a common 
management system. Furthermore, on a regular system there is often a "super 
user" which is able to control all of the systems and thereby bypass the access 
control protection between several operators. 

[0007] Accordingly, in the prior art the equation is simple: one operations system 
software per operator role. If there are many operators, respective instantiations of 
the operations software are running for each operator role on a common (shared) 
system and the risk of underlying, non-controlled information flow grows 
exponentially with the number of operators. 

Summary of the Invention 

[0008] The present invention solves the aforementioned problem by enforcing 
mandatory access control within separate operating system compartments. Each 
compartment functions autonomously, each executing the operations system 
software separately and in isolation from the other compartments. The number of 
compartments within the operating system corresponds to the number of 
operators. Each compartment is accessible only by the operator to which it has 
been allocated and it is not reachable by other operators. Additionally, no "super 
user" is available. Whether there is one operator or a thousand, the security of each 
operation software will be the same. 

[0009] Therefore, in accordance with one aspect of the present invention there is 
provided a network management system sharable by a plurality of operators, 
comprising: a compartmented operating system having a number of compartments 
corresponding to the plurality of operators and each compartment having access 
control; means for assigning the operators to respective compartments; and 
common operations software; whereby each operator accesses the network 
management system via the access control of the compartment assigned to that 
operator and the compartment executes in isolation the operations software for its 
operator. 

[0010] In accordance with a second aspect of the present invention there is 
provided a network element in a communications system, the network element 
being sharable by a plurality of operators comprising: a compartmented operating 
system having a number of compartments corresponding to the plurality of 
operators and each compartment having access control; means for assigning the 
operators to respective compartments; and common operations software; whereby 
each operator accesses the network element via the access control of the 
compartment assigned to that operator and the compartment executes in isolation 
the operations software for its operator. 

[0011] In accordance with a third aspect of the present invention there is provided 
a method of controlling access to a network element in a communications system 
wherein the network element is sharable by a plurality of operators, the method 
comprising: providing a compartmented operating system having a number of 
compartments corresponding to the plurality of operators and each compartment 
having access control; assigning the operators to respective compartments; and 
providing common operations software; whereby each operator accesses the 
network element via the access control of the compartment assigned to that 
operator and the compartment executes in isolation the operations software for its 
operator. 

Brief Description of the Drawings 

[0012] The invention will now be described in greater detail with reference to the 
attached drawings wherein: 

[0013] Figure 1 illustrates a prior art solution; and 

[0014] Figure 2 is an illustration of the solution provided by the present invention. 

Detailed Description of the Invention 

[0015] The aforementioned prior art solution is shown in Figure 1. In the prior art 
system a network element 12 is under the control of operations software 14 which 
is accessible by independent operators 16 and 18. A global administration super 
user 20 is able to control the system and, in effect, bypass any access control 
protection which may be provided to operators 16 and 18. 

[0016] The innovative solution provided by the present invention is shown in 
Figure 2. In this solution the common operations software is located in a 
compartmented operating system shown in Figure 2 as compartments 30 and 32. 
This compartmented system uses the compartmented mode workstation (CMW) 
recommendation as defined by the Department of Defense (DOD), but in the 
Department of Defense implementation the CMW is used to provide multilevel 
security. In the DOD application the CMWs provide a multilevel, multi-windowing 
capability that permits users to have windows of different security levels opened 
simultaneously on their computer screens. The systems use trusted operating 
software to facilitate more interaction between intelligence analysts and the 
command staff. 

[0017] In the present application the compartmented mode work station 
recommendation is applied to network elements and network management 
systems. Trusted Solaris by Sun Microsystems is an example of an operating 
system that can be used in the present invention. 
[0018] As shown in Figure 2, network element 12 corresponds or communicates 
with individual compartments 30 and 32. In compartments 30 and 32 the same 
software code is running but is operating as two separate processes. Also, as 
shown in Figure 2, there is no global administration super user; separation is 
instead into specific operator administrators. Two independent operators 16, 18 are 
shown in Figure 2, though it is to be understood that there may be multiple operators. 

[0019] As shown in Figure 2 there is no general supervision function that could be 
used to bypass security of information flow. Since the software is the same for 
every operator, updates and maintenance are easier than in the prior art. The 
security weaknesses of the prior art are eliminated since there are no secret 
elements such as cryptographic keys to protect. Information flow control is 
ensured by a mandatory access control policy which enforces separation between 
compartments. Furthermore, each operator is not made aware of the existence of 
any other operators which may have access to the network element or management 
system. As noted above there is no "super user" which might be able to uncover 
anything related to activities of other operators in their departments. 

[0020] Administration of the system may be separated into several roles. For 
example, one role may be dedicated to create a compartment for an operator and 
another role could be created for specific operator administration in each 
compartment. 

[0021] Since the invention is based on compartmented mode work station 
applications it does not affect software running on classical Unix operating 
systems. In general, applications running on classical Sun Microsystems Solaris are 
compliant with the trusted Solaris software discussed above. For this reason the 
solution described herein can be readily retrofitted into existing management 
systems. 
[0022] In the aforementioned prior art solution separation is only achieved as the 
separation of role to access to the software on the underlying operating system. In 
the present invention the separation is associated to software and interface to the 
network element as if the other operator does not exist. 

[0023] Because of the aforementioned compartmented structure, a potential 
disadvantage of this system is that if there is a single operator, administration 
would be more complex. Accordingly, since the cost of security for only a single 
operator is not necessary, the present system would be most applicable for multiple 
or shared operating situations. 

[0024] It is contemplated that the solution discussed herein could be a new way of 
providing highly secured network management systems. 

[0025] While particular embodiments of the invention have been described and 
illustrated, it will be apparent that numerous changes can be made to the concept. 
It is to be understood that such changes will fall within the full scope of the 
invention as defined in the appended claims. 